Citing Dodd-Frank SEC Rule 21F-17, the SEC took aim at a technology company for including in confidentiality agreements language that prohibited employees from discussing internal investigations with “outside parties” without first getting approval from the company legal department.

On April 1, 2015, the Securities and Exchange Commission (“SEC”) announced its first enforcement action against a company for including in employee confidentiality agreements language that would have a “potential chilling effect” on whistleblowers. Citing SEC Rule 21F-17, promulgated pursuant to the Dodd-Frank Act of 2010, the SEC took aim at a technology company for including in confidentiality agreements language that prohibited employees from discussing internal investigations with “outside parties” without first getting approval from the company legal department. The company settled the action for $130,000, coupled with an agreement to amend its confidentiality agreements by adding broad language to make clear that employees are not prohibited from reporting possible violations of federal laws to the SEC or other federal agencies without the company’s approval.

According to the company, it included the challenged language to protect attorney-client privilege in the context of internal company investigations and did not realize the language could or would chill whistleblower complaints. But the SEC’s enforcement head stated that the agreements’ imposition of “pre-notification requirements before contacting the SEC” had the effect of potentially discouraging individuals from reporting securities violations, which ran afoul of SEC Rule 21F-17. Rule 21F-17 states: “No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . .”

In June 2014, the SEC fined a hedge fund for retaliating against an employee for reporting an alleged violation by his firm to the SEC. The Chief of the SEC’s Office of the Whistleblower, an office created under Dodd-Frank, stated in October 2014 that his office was “on the hunt” for a case to follow that retaliation case and stated that the SEC was “going to bring a case where somebody has asked an employee or forced an employee to sign a document that in order of substance means they can’t report to us.”

Practical Implications

Rule 21F-17 applies only to publicly traded companies. The SEC noted that the rule applies to “confidentiality, employment, severance or other types of agreements.” Therefore, almost any agreement with an employee or former employee is fair game for an enforcement action, if the employer is a public company and the agreement contains language that appears to bar or discourage employees from reporting possible securities law violations to the SEC. Indeed, even agreements with non-employees could be impacted, as an individual does not have to be an employee to be a “whistleblower” under SEC rules. In a statement about the settled confidentiality agreement case, the Chief of the SEC’s Office of the Whistleblower stated that “[o]ther employers should . . . review and amend existing and historical agreements that in word or effect stop their employees from reporting potential violations to the SEC.” Going forward, public employers should review the wording of agreements for compliance and should consider including a caveat at the conclusion of any confidentiality agreement or provision stating that nothing in the agreement or provision shall prevent the individual from reporting any suspected securities violations to the SEC pursuant to SEC Rule 21F-17.